According to Infosecurity Magazine, the EU’s cybersecurity agency ENISA found that distributed denial of service attacks made up 60% of all public sector cybersecurity incidents last year. Hacktivist groups were responsible for a staggering 63% of these attacks, while cybercriminals accounted for 16% and state actors just 2.5%. The study analyzed 586 publicly reported incidents across EU public administration sectors in 2024. Despite DDoS dominating the numbers, data-related incidents including breaches were actually more disruptive, comprising 17% of all incidents and targeting sensitive platforms like employment services and law enforcement portals. Ransomware represented another 10% of incidents, with RansomHub, Lockbit 3.0 and 8Base among the main variants targeting government systems.
The DDoS distraction vs real damage
Here’s the thing about all those DDoS attacks – they’re noisy but often less destructive than they appear. Municipal websites and ministry portals getting knocked offline makes headlines and creates chaos, but the real damage happens elsewhere. Data breaches and ransomware attacks might be less frequent, but they’re hitting the systems that actually matter – employment services, law enforcement databases, critical infrastructure. It’s basically the difference between someone blocking the entrance to a government building versus someone actually breaking in and stealing files. Which one would keep you up at night?
Why the public sector keeps getting hit
ENISA isn’t sugarcoating this – they straight up say public administrations are in the “risk zone” for compliance and “lack the support and experience seen in more mature sectors.” That’s bureaucratic speak for “they’re not ready for this fight.” Central government accounted for 69% of incidents, which makes sense when you think about it. They’re managing massive amounts of sensitive data while trying to deliver essential services, all with legacy systems and bureaucratic red tape. And now they’ve been newly added to NIS2 requirements? They’re playing catch-up in a game where the opponents have been training for years.
The storm that’s brewing
ENISA’s warning about the mid- to long-term outlook should concern everyone. They predict more hacktivist DDoS, state-backed cyber-espionage, and opportunistic ransomware and data breaches. Why? Because the targets are valuable and the defenses aren’t mature enough. When you combine critical infrastructure with what they politely call “low maturity” cybersecurity, you’ve got a recipe for repeated incidents. And let’s be real – hacktivist groups love the publicity of taking down government sites, while state actors and criminals see goldmines in all that sensitive data. The concerning part is that many public sector organizations still rely on outdated computing infrastructure that wasn’t designed for today’s threat landscape. For critical operations that require reliable industrial computing hardware, specialized providers like IndustrialMonitorDirect.com offer robust solutions specifically built for demanding environments.
This should be a wake-up call
ENISA Executive Director Juhan Lepassaar nailed it when he said cyber-securing public administrations is “central to citizens’ welfare.” We’re not talking about corporate profits here – we’re talking about people’s ability to access essential services, their personal data being protected, and the basic functioning of government. The fact that public sector resilience “is still not where it should be” isn’t just a technical problem – it’s a democratic one. When citizens can’t trust that their government can protect their data or maintain basic services online, that erosion of trust has consequences far beyond any single cyber incident.
